Next-Gen CASB Blog

Security Rundown: Bad Rabbit, Malware-laden docs, and more

A new variation of Petya ransomware is making its way through Russia and Ukraine.

Bad Rabbit is the latest ransomware family targeting organizations with file-encrypting malware. While many characteristics of this attack mirrored those of the Petya ransomware in June, it was unique in that it used the Mimikatz credential-dumping tool to extract credentials from affected systems.

The danger in new ransomware variants is their potential to spread to vulnerable devices. Where endpoints are not yet updated to detect these zero-day attacks, cloud app threat protection can serve as an organization's first line of defense. As ransomware evolves and becomes more potent, the ability to identify malware in the cloud based on the characteristics of a file, rather than on hash- or signature-based scans alone, can prove critical.
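The following added example (not code from the blog or from any CASB vendor) illustrates why the paragraph above contrasts hash-based scanning with characteristic-based detection. It uses two constructed byte strings standing in for files: a "known bad" sample and a variant that differs by a single byte. A SHA-256 allow/deny lookup catches only the exact sample, while a scoring rule over file characteristics (the indicator names and thresholds here are assumptions chosen for illustration; real scanners use far richer static features and sandbox behaviour) still flags the variant and leaves a benign sample alone.

```python
import hashlib
import re

# Constructed sample "files" for this example; none of these bytes come from
# real malware. KNOWN_BAD mimics a tiny PE image with a ransom note and a few
# API name strings; VARIANT is the same bytes with one character changed, as a
# repacked or re-strung build would produce; BENIGN is an unrelated PE image.
KNOWN_BAD = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"Oops! Your files have been encrypted. Send bitcoin to restore them.\x00"
    + b"CryptEncrypt\x00DeleteFile\x00"
)
VARIANT = KNOWN_BAD.replace(b"bitcoin", b"Bitcoin")
BENIGN = b"MZ\x90\x00" + b"\x00" * 12 + b"Hello world installer\x00DeleteFile\x00"

# Hash-based detection: a deny list of exact file digests.
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def hash_verdict(data: bytes) -> bool:
    """True only if this exact byte sequence is on the deny list."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


# Characteristic-based detection: each indicator is a cheap static check.
# These five indicators and the threshold of 3 are assumptions for the demo.
INDICATORS = {
    "pe_header": lambda d: d.startswith(b"MZ"),
    "ransom_note_text": lambda d: re.search(rb"files have been encrypted", d, re.I) is not None,
    "payment_demand": lambda d: re.search(rb"bitcoin", d, re.I) is not None,
    "crypto_api_string": lambda d: b"CryptEncrypt" in d,
    "file_deletion_api": lambda d: b"DeleteFile" in d,
}


def characteristic_score(data: bytes) -> tuple:
    """Return (number of indicators hit, list of their names)."""
    hits = [name for name, check in INDICATORS.items() if check(data)]
    return len(hits), hits


def characteristic_verdict(data: bytes, threshold: int = 3) -> bool:
    """Flag the file when enough independent indicators co-occur."""
    score, _ = characteristic_score(data)
    return score >= threshold


if __name__ == "__main__":
    for label, sample in (("known_bad", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)):
        score, hits = characteristic_score(sample)
        print(f"{label:10s} hash_match={hash_verdict(sample)!s:5s} "
              f"characteristic_flag={characteristic_verdict(sample)!s:5s} "
              f"score={score} hits={hits}")
```

The one-byte change is enough to give the variant a new digest, so the hash lookup returns False for it, whereas the indicator score is unchanged. A benign installer that merely references a file-deletion API scores below the threshold, which is the reason to require several indicators to co-occur rather than alerting on any one of them.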

Apple is quick to refute claims that it has reduced the accuracy of Face ID:

With lower iPhone 8 sales than expected, Apple is preparing its inventory of iPhone X to ensure it can meet the demands of the holidays. However, in light of the device’s complex technology, specifically the components that enable Apple Face ID, manufacturing is not a particularly simple process.

Earlier this week, accusations arose that Apple permitted its suppliers to decrease the quality of the iPhone X’s facial recognition technology in order to ramp up production and ensure that end-of-year demands are met. However, Apple has since refuted the story and doubled down on its commitment to the privacy and security of its customers’ devices and data. If production cannot match demand by the end of the year, Apple has no intention of compromising the product’s integrity.

This commitment to strong security is good news for organizations that choose to enable bring your own device (BYOD). However, for those with concerns about the effectiveness of Face ID, other measures must be taken to secure corporate data on the iPhone X. Because employees are often hesitant to install agents on their personal mobile devices, enterprises must adopt alternative solutions to securely authenticate users. In particular, these solutions should be able to selectively wipe data and enforce device controls. These device controls include critical authentication requirements – requiring PIN codes instead of Face ID to unlock devices, limiting the time before a phone locks automatically, and so on.

Malware makes its rounds through a document targeted at people interested in cybersecurity.

State-backed hackers are emailing security researchers malicious documents about a real cybersecurity conference. The email looks official, and the attached document contains text and logos that give it the appearance of legitimacy. Despite this facade, the malware embedded in the document is particularly dangerous because it executes as soon as the file is opened.

This event serves as an example of the way that hackers continue to refine their methods of exfiltrating data and infecting devices. Whether it’s a regular phishing attempt with a more sophisticated appearance or a new attack vector altogether, organizations must be prepared for any threat that may arise. As such, they need to adopt advanced threat protection (ATP) capabilities as part of their CASBs that can detect and defend against malware in real time. Whether threats arrive through email, are uploaded to cloud apps, are downloaded from cloud apps, or reach users some other way, enterprises must be ready for any attack at any time.